Gervase Markham wrote: > > Right. But allowing this makes it possible for the identity presented to > not be the identity of the owner of the content. > Correct! > That might actually lead to the idea that we should require that all the > content comes from the same company (O field). But that would be fairly > extreme. > Oh no! There can be multiple certs issued by the same/different CAs and different levels with exactly the same organization name. That's not a good idea in my opinion, even if the different certificates indeed would belong to the same owner - we'd like to know if something on the same site is served by a different level then claimed originally.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Phone: +1.213.341.0390 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security